How we're preparing for GDPR

The European Union has taken an important step in protecting the right to privacy for EU citizens with the General Data Protection Regulation (GDPR), effective from May 25, 2018.

EU residents will now have greater control over how their personal data is used.

We have been working to guarantee MobiLoud's own compliance, and assessing how it will affect our own customers.

Does the GDPR affect me?

Most likely, yes!

It applies to all businesses with customers, users or website visitors who are from the EU. This means that any organization in the world that works with EU residents' personal data in any manner has obligations to protect their users' data and be GDPR compliant.

MobiLoud customers typically act as the "data controller" for any personal data their app collects directly or that they provide to Third Parties (who will generally be "data controllers") in connection with their mobile apps. This means that data is under the customer’s control. Controllers are responsible for obligations like fulfilling EU citizens' rights concerning their personal data. As a data controller, you should get familiar with the GDPR and prepare a plan to become compliant.

MobiLoud’s business is to provide mobile apps to content publishers. Our service is equivalent to a development team helping you publish your apps, which you control directly. While we collect and store customers' personal data (e.g. your email address) in order to provide you with our services (read more in our Privacy Policy), and so we qualify as a "data controller" for your data, the apps we help you publish don’t connect to any MobiLoud system which accesses or stores user data.

Since we will not collect or process any of your users' data, we shouldn't qualify as either a "data controller" or a "data processor" for any data collection and processing originating from the apps we help you publish.

As a data controller, it's your responsibility to ensure the companies that may handle your users' data at any point in time are GDPR compliant. You'll want to have a written agreement in place with them that meets the GDPR standards.

Your app users should provide explicit consent to any data collection happening in the app. For this, you'll want to display a screen when your app starts that informs users of how your app uses data and requires their acceptance of your app's Terms and Privacy Policy. For more information about the data that third parties collect, please see the Third Parties section at the bottom of this page.

Depending on how you configure your app, it may connect to Third Party Services, including advertising providers such as Google’s AdMob or a push notifications provider like OneSignal. Your use of Third Party Services is solely between you and the respective third party and will be governed by the Third Party’s terms and policies. It is your responsibility to review them before using their services.

Where we have entered into relationships with Third Party providers on our customers' behalf (for example Google for its Crashlytics service or Pushbots and OneSignal for push notifications) in order to provide a service to our customers, we recommend that customers register their own third-party accounts and have their profiles transferred to them, so that they are in a direct contractual relationship with those providers and therefore able to meet the requirements of the GDPR. If you don't have your own push notifications account, get in touch so we can assist you in this transition.

Similarly, for customers that have their apps hosted on our Google Play or App Store accounts, we will recommend having their own accounts created and their apps transferred. If you don't have your app on your own App Store and Google Play accounts, get in touch so we can assist you in this transition.

How is MobiLoud preparing for GDPR?

Our policy is to respect all laws that apply to our business including GDPR. We also know that our customers have requirements under GDPR. We are committed to helping our customers stay in compliance with GDPR and their local requirements through our services.

We have updated our Privacy Policy and Terms and Conditions to detail all the data we collect from customers and all the services we use to collect and process that data in order to provide our services, and to clarify your responsibility when publishing your own app, including SDKs and services offered by Third Parties.

MobiLoud is committed to following appropriate security measures and precautions in accordance with GDPR. We're adding data encryption wherever we can.

We’re reviewing all our providers, finding out about their GDPR plans and arranging data processing agreements with them.

Where we are transferring data outside of the EU, we are committed to appropriate data transfer mechanisms as required by GDPR.

MobiLoud will assist with notifying regulators of breaches and promptly communicating any breaches to our customers.

We will hold any subprocessors that handle your personal data to the same data management, security, and privacy practices and standards to which we hold ourselves.

We will ensure that employees and contractors authorized to process personal data have committed to confidentiality agreements.

We are building the necessary features that will enable our customers to easily meet their GDPR obligations. This will include ways for users to give and remove their consent to data collection. Much of this functionality requires third-party services to provide an API for data removal, which not all provide at the moment.

We are updating the Third Party SDKs included in the apps to GDPR-compliant versions as soon as they are made available by Third Parties. We will update customer apps to include these updated SDKs at no additional cost for any active subscriber and Lifetime License holders within 12 months from purchase or with an active Service Package.

How does MobiLoud store my data?

We store our customers' data (e.g. your name and email address) using services and hosting providers that comply with GDPR requirements or are working towards compliance, e.g. Intercom and others detailed in our Privacy Policy. We are committed to complying with any requests made that fall under the scope of GDPR, including the Right to Erasure. Customer data can be deleted upon request of the customer.

Where can I learn more about GDPR?

Luckily, there are many different resources you can use to help you prepare for GDPR.

You can self-certify your business under the EU-US Privacy Shield Framework. This provides companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.

Third Party Services you may use in your app

Your app includes a number of SDKs that enable functionality ranging from analytics to advertising, as well as crash logging and push notifications delivery. These services are linked to below. Some of these will not be active unless you're signed up with them specifically to use them in your app. Some, like Google Firebase, Pushbots or OneSignal, are required for the app to be able to receive push notifications.